From patchwork Thu Apr 25 16:03:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Fastabend X-Patchwork-Id: 1090952 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Ihd1kR8g"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44qhmp62s1z9s00 for ; Fri, 26 Apr 2019 02:03:22 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726976AbfDYQDV (ORCPT ); Thu, 25 Apr 2019 12:03:21 -0400 Received: from mail-it1-f193.google.com ([209.85.166.193]:35033 "EHLO mail-it1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726818AbfDYQDV (ORCPT ); Thu, 25 Apr 2019 12:03:21 -0400 Received: by mail-it1-f193.google.com with SMTP id w15so1008164itc.0; Thu, 25 Apr 2019 09:03:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=AW0j3ch8R3RnVdHOr9w5ogMoZRICWBWT0s9YVxGT4To=; b=Ihd1kR8gG7EVhE53ffqLR/wUpiQh0+SjP0/dGDP2Iy4OupjW44nOjjUMC6CE7oUgU+ PMdj0tCINkCd+Gi2gBEHjH0yHIbCij5mN6r2U2OK5J1NNStp0uqpZjviibtPLaXeaqp0 NNrdKBnZvGwL6F7Iw1jIPhDUyP49d/ib9J/Tj30lVlOT2ySLCYm6XYm6d10MI9pSQYgV wXOzWVkLIIWJRJr+bQcZrakJn5jyAF3d45vm5F7UZ22umkjDkZK1C2Iur6Ri1TH6IpVF sYC2P0gwJh9pbXXNRZ5L4kajxdTKKur/Cb51X5PutBHfeZ3sbUgWiXXOW903i+cX819Q wblg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=AW0j3ch8R3RnVdHOr9w5ogMoZRICWBWT0s9YVxGT4To=; b=Z9THgCPVGE11ZVzu6rfxV5e8eboxaez/XNdIzQOlmNWuKUHZsKVHORaedInt/cfqsm HpK2vbV0y6P7U2QpMuGXkNA8VyvVWe0kJvLYTvkbRarfeVp8mjo3MpajfNH/8IaHvElb ESsiIhu6Ba6uQ9Iz3z6lxswpFdKOrVpMWMGk2L3FB3n9YuGLD39n4YSRGXvnKvNPkNuM IuJOvwoJPLeYeZL3ReKuo4q6VZw3KrrMy9y9yhdeMT7PuI8H9ekTACZMvE3S/UXNDAd5 O9wKtkcDvlc4UHNLRuBKQVgIlzkb4j4R/nu7/BuWr0B8tUmCaq/ijZ82fetFJFnbSPhg dnWg== X-Gm-Message-State: APjAAAXihxvwKiHLoshrxeCJF+u6lwAC4631NnyBOhFVsukZhO7AM3PE AS1EslHqg1cDZnRpBB5oryw= X-Google-Smtp-Source: APXvYqx19mW44tU6htfKK/rghvuLQt/tJjrBguyqbEoyxU+GbpD+YUc+DqQfZxPYm+yol4jpqv2oqg== X-Received: by 2002:a24:438e:: with SMTP id s136mr4598535itb.110.1556208199621; Thu, 25 Apr 2019 09:03:19 -0700 (PDT) Received: from [127.0.1.1] ([184.63.162.180]) by smtp.gmail.com with ESMTPSA id d5sm1788088ion.44.2019.04.25.09.03.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Apr 2019 09:03:19 -0700 (PDT) Subject: [bpf PATCH v2 1/3] bpf: tls, implement unhash to avoid transition out of ESTABLISHED From: John Fastabend To: jakub.kicinski@netronome.com, john.fastabend@gmail.com, ast@kernel.org, daniel@iogearbox.net Cc: netdev@vger.kernel.org, bpf@vger.kernel.org Date: Thu, 25 Apr 2019 09:03:08 -0700 Message-ID: <155620818860.22884.14832636768748270693.stgit@john-XPS-13-9360> In-Reply-To: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> References: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org It is possible (via shutdown()) for TCP socks to go through TCP_CLOSE state via tcp_disconnect() without calling into close callback. This would allow a kTLS enabled socket to exist outside of ESTABLISHED state which is not supported. Solve this the same way we solved the sock{map|hash} case by adding an unhash hook to remove tear down the TLS state. In the process we also make the close hook more robust. We add a put call into the close path, also in the unhash path, to remove the reference to ulp data after free. Its no longer valid and may confuse things later if the socket (re)enters kTLS code paths. Second we add an 'if(ctx)' check to ensure the ctx is still valid and not released from a previous unhash/close path. Fixes: d91c3e17f75f2 ("net/tls: Only attach to sockets in ESTABLISHED state") Reported-by: Eric Dumazet Signed-off-by: John Fastabend --- include/net/tls.h | 14 ++++++++++++- net/tls/tls_main.c | 55 +++++++++++++++++++++++++++++++++++++++------------- net/tls/tls_sw.c | 13 +++++++++--- 3 files changed, 63 insertions(+), 19 deletions(-) diff --git a/include/net/tls.h b/include/net/tls.h index d9d0ac66f040..ae13ea19b375 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -266,6 +266,8 @@ struct tls_context { void (*sk_write_space)(struct sock *sk); void (*sk_destruct)(struct sock *sk); void (*sk_proto_close)(struct sock *sk, long timeout); + void (*sk_proto_unhash)(struct sock *sk); + struct proto *sk_proto; int (*setsockopt)(struct sock *sk, int level, int optname, char __user *optval, @@ -303,7 +305,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size); int tls_sw_sendpage(struct sock *sk, struct page *page, int offset, size_t size, int flags); void tls_sw_close(struct sock *sk, long timeout); -void tls_sw_free_resources_tx(struct sock *sk); +void tls_sw_free_resources_tx(struct sock *sk, bool locked); void tls_sw_free_resources_rx(struct sock *sk); void tls_sw_release_resources_rx(struct sock *sk); int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, @@ -504,6 +506,16 @@ static inline void xor_iv_with_seq(int version, char *iv, char *seq) } } +static inline void tls_put_ctx(struct sock *sk) +{ + struct inet_connection_sock *icsk = inet_csk(sk); + struct tls_context *ctx = icsk->icsk_ulp_data; + + if (!ctx) + return; + sk->sk_prot = ctx->sk_proto; + icsk->icsk_ulp_data = NULL; +} static inline struct tls_sw_context_rx *tls_sw_ctx_rx( const struct tls_context *tls_ctx) diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 7e546b8ec000..54842d0ddbb5 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -261,23 +261,16 @@ static void tls_ctx_free(struct tls_context *ctx) kfree(ctx); } -static void tls_sk_proto_close(struct sock *sk, long timeout) +static bool tls_sk_proto_destroy(struct sock *sk, + struct tls_context *ctx, bool locked) { - struct tls_context *ctx = tls_get_ctx(sk); long timeo = sock_sndtimeo(sk, 0); - void (*sk_proto_close)(struct sock *sk, long timeout); - bool free_ctx = false; - - lock_sock(sk); - sk_proto_close = ctx->sk_proto_close; if (ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD) - goto skip_tx_cleanup; + return false; - if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) { - free_ctx = true; - goto skip_tx_cleanup; - } + if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) + return true; if (!tls_complete_pending_work(sk, ctx, 0, &timeo)) tls_handle_open_record(sk, 0); @@ -286,7 +279,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) if (ctx->tx_conf == TLS_SW) { kfree(ctx->tx.rec_seq); kfree(ctx->tx.iv); - tls_sw_free_resources_tx(sk); + tls_sw_free_resources_tx(sk, locked); #ifdef CONFIG_TLS_DEVICE } else if (ctx->tx_conf == TLS_HW) { tls_device_free_resources_tx(sk); @@ -310,8 +303,39 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) tls_ctx_free(ctx); ctx = NULL; } + return false; +} + +static void tls_sk_proto_unhash(struct sock *sk) +{ + struct tls_context *ctx = tls_get_ctx(sk); + void (*sk_proto_unhash)(struct sock *sk); + bool free_ctx; + + if (!ctx) + return sk->sk_prot->unhash(sk); + sk_proto_unhash = ctx->sk_proto_unhash; + free_ctx = tls_sk_proto_destroy(sk, ctx, false); + tls_put_ctx(sk); + if (sk_proto_unhash) + sk_proto_unhash(sk); + if (free_ctx) + tls_ctx_free(ctx); +} -skip_tx_cleanup: +static void tls_sk_proto_close(struct sock *sk, long timeout) +{ + void (*sk_proto_close)(struct sock *sk, long timeout); + struct tls_context *ctx = tls_get_ctx(sk); + bool free_ctx; + + if (!ctx) + return sk->sk_prot->destroy(sk); + + lock_sock(sk); + sk_proto_close = ctx->sk_proto_close; + free_ctx = tls_sk_proto_destroy(sk, ctx, true); + tls_put_ctx(sk); release_sock(sk); sk_proto_close(sk, timeout); /* free ctx for TLS_HW_RECORD, used by tcp_set_state @@ -609,6 +633,8 @@ static struct tls_context *create_ctx(struct sock *sk) ctx->setsockopt = sk->sk_prot->setsockopt; ctx->getsockopt = sk->sk_prot->getsockopt; ctx->sk_proto_close = sk->sk_prot->close; + ctx->sk_proto_unhash = sk->sk_prot->unhash; + ctx->sk_proto = sk->sk_prot; return ctx; } @@ -732,6 +758,7 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt; prot[TLS_BASE][TLS_BASE].getsockopt = tls_getsockopt; prot[TLS_BASE][TLS_BASE].close = tls_sk_proto_close; + prot[TLS_BASE][TLS_BASE].unhash = tls_sk_proto_unhash; prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE]; prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg; diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index f780b473827b..0577633c319b 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2044,7 +2044,7 @@ static void tls_data_ready(struct sock *sk) } } -void tls_sw_free_resources_tx(struct sock *sk) +void tls_sw_free_resources_tx(struct sock *sk, bool locked) { struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); @@ -2055,9 +2055,11 @@ void tls_sw_free_resources_tx(struct sock *sk) if (atomic_read(&ctx->encrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - release_sock(sk); + if (locked) + release_sock(sk); cancel_delayed_work_sync(&ctx->tx_work.work); - lock_sock(sk); + if (locked) + lock_sock(sk); /* Tx whatever records we can transmit and abandon the rest */ tls_tx_records(sk, -1); @@ -2080,7 +2082,10 @@ void tls_sw_free_resources_tx(struct sock *sk) kfree(rec); } - crypto_free_aead(ctx->aead_send); + if (ctx->aead_send) { + crypto_free_aead(ctx->aead_send); + ctx->aead_send = NULL; + } tls_free_open_rec(sk); kfree(ctx); From patchwork Thu Apr 25 16:03:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Fastabend X-Patchwork-Id: 1090955 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="tOVGSjMK"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44qhnC2YS9z9s00 for ; Fri, 26 Apr 2019 02:03:43 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727175AbfDYQDm (ORCPT ); Thu, 25 Apr 2019 12:03:42 -0400 Received: from mail-io1-f66.google.com ([209.85.166.66]:42311 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726859AbfDYQDm (ORCPT ); Thu, 25 Apr 2019 12:03:42 -0400 Received: by mail-io1-f66.google.com with SMTP id m188so386413ioa.9; Thu, 25 Apr 2019 09:03:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=mP8S+aTEH0TfrmSoHVNIm1wecVOgLyl9+6N0y5RZVwA=; b=tOVGSjMKPfYnHj5fs3I7dZ8JJPOa9KvniD6MPnPhW076/Wbo/MIsW91fcqGG6DzPhH BnWpOVC9n9Q/8sjJXCIApjnKCDR35R21t+iUDg9EqHSMkb3vYuXu2LhWr6vCbcpFUszv A9XDXt/QOgcjuEVo7UkGHHj5opPE1qEkYtrw9bMUQUdelKhArwxNiFRhxAQbuu4PBdP+ EttgbIMbL5BWoUbfcZUH9cy8hcYqT15RZs/qiBv/w2F5TjZfPClEG8lR2qYGhWGbrR9N H2RW0q4hzF5R09Q1cUBJCok3u5YH+qeZ4D96VQyyLXRlQwnGZoK6Zcu5D4WcfgNPzx/j zWvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=mP8S+aTEH0TfrmSoHVNIm1wecVOgLyl9+6N0y5RZVwA=; b=iFfo3HXtbpAsWDLsvjyHBmABM6XYI6Yc9FkfoMZge0yfrEDpWXLCohS2mmCI2RALC6 3m005F6TNn0un0LMbe4jukaQ23Pfz5vPPbSRXH/nQGXeI8gq6tiXIoRiB7BSxYOCQUp/ +jrW49ONSiOMf7l8b2kCVmRlDbaQq4LJzhV8NUU37te3jjkPVwAGqmdgeuuLuttx3pMZ ikkBeh3Io/hGyaetL2IvMdCgYue42VAbqZYeawN1BTbHd9bI/B8W6vRFua8yYXY+oyO/ 9P89jO7z9ZMj2Tex9aDvcAZ3vUeRttbNRtYKpn+uUYzFC/P3iASz8WoElzbDeDkcKMb4 B63A== X-Gm-Message-State: APjAAAUnhXxDiYKpbtOOiDlIr6QEihrFuofArztEZ0+w05S2icQxLH72 xQ4pHov6uVg7fRve4DuHkP0= X-Google-Smtp-Source: APXvYqyZdFKCFUOxxDjVPVb2hhs7xO+eX3vun8mFXjPZsituIWhIninfz8D8N92V46eOhCqQhk0K+w== X-Received: by 2002:a6b:cd89:: with SMTP id d131mr24448277iog.213.1556208221459; Thu, 25 Apr 2019 09:03:41 -0700 (PDT) Received: from [127.0.1.1] ([184.63.162.180]) by smtp.gmail.com with ESMTPSA id y203sm10215796itb.22.2019.04.25.09.03.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Apr 2019 09:03:40 -0700 (PDT) Subject: [bpf PATCH v2 2/3] bpf: sockmap remove duplicate queue free From: John Fastabend To: jakub.kicinski@netronome.com, john.fastabend@gmail.com, ast@kernel.org, daniel@iogearbox.net Cc: netdev@vger.kernel.org, bpf@vger.kernel.org Date: Thu, 25 Apr 2019 09:03:25 -0700 Message-ID: <155620820561.22884.3039312050426038300.stgit@john-XPS-13-9360> In-Reply-To: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> References: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-Id: netdev.vger.kernel.org In tcp bpf remove we free the cork list and purge the ingress msg list. However we do this before the ref count reaches zero so it could be possible some other access is in progress. In this case (tcp close and/or tcp_unhash) we happen to also hold the sock lock so no path exists but lets fix it otherwise it is extremely fragile and breaks the reference counting rules. Also we already check the cork list and ingress msg queue and free them once the ref count reaches zero so its wasteful to check twice. Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend --- net/ipv4/tcp_bpf.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index 1bb7321a256d..4a619c85daed 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -528,8 +528,6 @@ static void tcp_bpf_remove(struct sock *sk, struct sk_psock *psock) { struct sk_psock_link *link; - sk_psock_cork_free(psock); - __sk_psock_purge_ingress_msg(psock); while ((link = sk_psock_link_pop(psock))) { sk_psock_unlink(sk, link); sk_psock_free_link(link); From patchwork Thu Apr 25 16:03:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Fastabend X-Patchwork-Id: 1090957 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="doPDsqQF"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44qhnW5zXMz9s00 for ; Fri, 26 Apr 2019 02:03:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727233AbfDYQD7 (ORCPT ); Thu, 25 Apr 2019 12:03:59 -0400 Received: from mail-it1-f196.google.com ([209.85.166.196]:53335 "EHLO mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726859AbfDYQD7 (ORCPT ); Thu, 25 Apr 2019 12:03:59 -0400 Received: by mail-it1-f196.google.com with SMTP id z4so974286itc.3; Thu, 25 Apr 2019 09:03:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:date:message-id:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=WzJyuh/ma1ajUJQPClMwlhf7p+o4ybJ/vyppnP30TzU=; b=doPDsqQFqRqg/8j8mLsSdy2Ea/jCpse5NX1+N8m/Tx8/1wtCadZv/UxXOipbqd39wq n6nXR0MrsXjqYsVWq4JR36aZFAfM2uuvjnzRnXp05SbxeQ0Nig94mNlfgCD+c4JwxB/5 Z/g2DIYPHLg9kEdybHgaqyM+e7TlOz60mvzf6SHJ25rzkDk2jF/RvdV3lmJCOxvFJY79 l7pzMi5OgjyynM/uhujagQOhw3eESTMigyB+nMUidnz1iRHA040aq6yM929slpU7VW6W 9ijVB4rxCxA5nWzcPaB36OC2EPVhp4E2ZR8r6aTamHjavFCMw1CuYYzSRCtqUEmakX3o aqbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:date:message-id:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=WzJyuh/ma1ajUJQPClMwlhf7p+o4ybJ/vyppnP30TzU=; b=k6mNk88HzYwh3T69aM+91vdyEJaCeIGrp0h7DWc8QUKIwIV8mmbVdrqhMVgrC943W6 tomKDrP1lmTQjmBgs9vJ+MnQpLrhNY9BHwwy7QHgDlXfNSv4a4++2sfzY7M8N6lbxQYM 8xXk5BmRNkAJkIXOuh0kFtYGfHNoro+HTqoJF/lPlaQvm/xSoblw+uo8FqpRuYp4lP2c /tt/6SsdxwWLzzRNdHYBj0I1doGDrY5ygWMjh9B5hQ1UULhpm7KwlULiXRk7sHuXm809 xqrAez7ocHPxr3sjVtllQfV/OyqKvidtpL+V+seiWaB4eRvFAZ/u/o3fKlVwQektqyeL MBFQ== X-Gm-Message-State: APjAAAU+ORYR56dCBURBd1h2tpPIIzJLedAhD802jQhFvaOYv5TQvviP U0lMj+EVRq3DXMRNqqMmZys= X-Google-Smtp-Source: APXvYqzxIOt9YlC7G3NKGTmpDOBV8fWO/h8wGSPrOufr/4NvmkOpQ224K5+KhXQ+XJLmNnirem6jIQ== X-Received: by 2002:a24:650d:: with SMTP id u13mr4291735itb.95.1556208238496; Thu, 25 Apr 2019 09:03:58 -0700 (PDT) Received: from [127.0.1.1] ([184.63.162.180]) by smtp.gmail.com with ESMTPSA id k18sm7722234iob.60.2019.04.25.09.03.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Apr 2019 09:03:57 -0700 (PDT) Subject: [bpf PATCH v2 3/3] bpf: sockmap fix msg->sg.size account on ingress skb From: John Fastabend To: jakub.kicinski@netronome.com, john.fastabend@gmail.com, ast@kernel.org, daniel@iogearbox.net Cc: netdev@vger.kernel.org, bpf@vger.kernel.org Date: Thu, 25 Apr 2019 09:03:47 -0700 Message-ID: <155620822744.22884.2153244672128774358.stgit@john-XPS-13-9360> In-Reply-To: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> References: <155620799743.22884.8046772841813554446.stgit@john-XPS-13-9360> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-Id: netdev.vger.kernel.org When converting a skb to msg->sg we forget to set the size after the latest ktls/tls code conversion. This patch can be reached by doing a redir into ingress path from BPF skb sock recv hook. Then trying to read the size fails. Fix this by setting the size. Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend --- net/core/skmsg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index cc94d921476c..782ae9eb4dce 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -411,6 +411,7 @@ static int sk_psock_skb_ingress(struct sk_psock *psock, struct sk_buff *skb) sk_mem_charge(sk, skb->len); copied = skb->len; msg->sg.start = 0; + msg->sg.size = copied; msg->sg.end = num_sge == MAX_MSG_FRAGS ? 0 : num_sge; msg->skb = skb;